Revision as of 16:44, 14 May 2008

As you probably already know, OWASP has awarded 31 grants to promising application security researchers as part of the OWASP Summer of Code 2008 (SoC 2008).

As a result, we are seeking out for project reviewers so as to have all these projects assessed.

Consequently, if you are interested in performing such task, please don’t hesitate and let us know as soon as possible. As a volunteer organization, we rely absolutely on your contribution. Hence, we lively encourage you to put forward your application to assume this reviewer role.

C. Simplifying , I would say that the work review will basically consist in certifying that the project’s objectives and deliveries were accomplished and, taking into consideration the OWASP Project Assessment criteria, in certifying that the Beta Status was reached. Additionally we expect the reviewer always to be available to provide useful advice to the project developer. These tasks must be performed twice: the first one, the 50% Review, by June 29 and the second one, the Final Review, by September 15.

D. Regarding the question of the project status, it is important to clarify that, even though the majority of the projects have to reach Beta status, there are also some others, in which the status target is Release Quality. That is to say, that each project built on previous work done within OWASP (Existing OWASP Projects) should obtain Reviewers’ agreement that a Release Quality stage was achieved.

3. Who can be a reviewer?

If you are interested in contributing and feeling comfortable with the technical matters in question, you can be project reviewer. We encourage also the OWASP Summer of Code 2008 participants to take part in reviewing someone else’s SoC 2008 project. However, please pay attention to the fact that, at least, one of the two Project Reviewers should be an OWASP Project or Chapter Leader.

4. Will this work be paid?

Well, in terms of paying the market value of your work, we wouldn’t dare say ‘yes’. However, we will reward this contribution either with a free ticket to attend the OWASP NYC AppSec 2008 Conference or with 12,5% of the value of the project to be reviewed.

5. Where can I find the project’s progress page in which I am interested? That is to ask, where can I find the page similar to the one?

Currently, nowhere, but very soon each project will be supplied with its own progress page.

6. So, if I am interested in being one of the reviewers, how should I proceed?

D. As all reviewers must have OWASP Board approval, we will inform you as soon as possible about their decision.

To conclude, having any kind of doubt, don’t hesitate and get back to us.

We thank you in advance,

Paulo Coimbra,
OWASP Project Manager

Previous Updates

APRIL 30:

With regard to the progress pages, we are still working on a sample of it. You can see here and here what we are doing. Once we have it finalized, we’ll get back to you. However, if you need right now to have a wiki page to carry on with your work, you can create your own on the section of Season of Code Projects at the OWASP projects page – later on it can be adapted in accordance with the proposed model.

This situation above has also an impact on the reviewers’ question. We’ve decided to add in the referred above model the specifications to have in consideration for the work review. Hence, we are planning to focus again on finding reviewers only after the model is finished. However, it will happen very soon. Besides, for your information, we are planning to offer to every SoC’s reviewer either a free ticket to attend the OWASP NYC AppSec 2008 Conference or 12,5% of the value of the project to be reviewed.

APRIL 17:

We announce the results of the assessment of OWASP Summer of Code’s 2008 applications that can be found here.

As a swift overview, we would say that we have received 35 applications of which 31 were already accepted. In addition, two applications are waiting for Jury’s decision yet and two more were withdrawn by the author.

Consequently, except for the former two applications referred above, we declare that the working period for the OWASP Summer of Code 2008 has already begun.

MARCH 31:

We announce a two-week-delay in the assessment of OWASP Summer of Code’s 2008 applications. We are now planning to deliver our assessment on the 16th April. Hence, the whole SoC’s 2008 schedule will be postponed two weeks.

As you will see, for each one, we have posted a couple of recommendations. Consequently, we ask that each applicant answer just below our recommendations, whether or not they are accepted. If so, please leave a clear note of it and modify accordingly your applications in the same wiki page.

We also recommend that you state your positions by the 9th of April.

The remaining set of applications can be found on either the Majority Vote Page or Selection Criteria Page. Although the new official date to announce the SoC’s 2008 is now the 16th of April, we will post our assessment as soon as it has been reached. At this moment, the applicants can of course start working. However, we will return to you all later, once the assessment process has been totally completed, with further details.

We understand the inconvenience that this might cause and apologise for that. Although, as we are acting to improve the SoC’s final deliveries, we also ask for your understanding and we thank you in advance.

MARCH 25: Submission period is now closed. The final decision will be announced HERE on the 2nd April. Thanks to everybody who applied for this OWASP Season of Code.

MARCH 12 : If your application for an OWASP Summer of Code 2008 fund wasn’t already submitted just because you are stuck with doubts about a work line to follow, you can skim over the new and greatly improved Request for Proposal List to find a wide-range of options.

MARCH 10: As expected, the applications are coming in!

Please remember to send us an email when you post them on-line. We need to know who you are. :)